WordPress Login Security Plugins 

Just some WordPress minutia:

I’d been using Simple Login Lockdown to handle locking IPs out when attempting too many logins. Over the past few months, every now and then I’d notice that I’d get locked out of my own site.

A quick bit of reading turned up that Simple Login Lockdown doesn’t handle being behind a reverse proxy (e.g. Varnish or nginx) particularly well.

A few searches later, and I switched to Limit Login Attempts, which supports running WordPress behind the aforementioned reverse proxies. So far, so good.
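How an IP-based lockout can catch the site owner behind Varnish or nginx, as an added example that is not code from Simple Login Lockdown or Limit Login Attempts. It assumes the lockout counter is keyed on the client IP and that the proxy sets X-Forwarded-For; the function names, trusted-proxy list, threshold and all addresses are constructed for illustration.

```php
<?php
// Added example, not code from either plugin. Assumption: the lockout counter
// is keyed on client IP and the proxy sets X-Forwarded-For.
const TRUSTED_PROXIES = ['127.0.0.1']; // hypothetical: proxy on the same host
const MAX_FAILURES = 3;                // hypothetical lockout threshold

// Resolve the address to key lockouts on.
function client_ip(array $server, array $trusted): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Honor the header only when the TCP peer is our own proxy; a client that
    // reaches PHP directly could otherwise forge it.
    if (!in_array($remote, $trusted, true)) {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the last entry was appended by our proxy. Take the
    // first valid address that is not itself a trusted proxy.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // missing or malformed entry: fall back to REMOTE_ADDR
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Count failed logins per key and return the keys that hit the threshold.
function locked_out(array $requests, callable $keyFn): array
{
    $failures = [];
    foreach ($requests as $server) {
        $key = $keyFn($server);
        $failures[$key] = ($failures[$key] ?? 0) + 1;
    }
    return array_keys(array_filter($failures, fn($n) => $n >= MAX_FAILURES));
}
// Constructed failed-login requests as PHP sees them.
$failed = [
    ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.20'], // owner, one typo
    ['REMOTE_ADDR' => '192.0.2.99', 'HTTP_X_FORWARDED_FOR' => '198.51.100.20'], // header ignored
];
echo 'Keyed on REMOTE_ADDR: ', implode(', ', locked_out($failed, fn($s) => $s['REMOTE_ADDR'])), PHP_EOL;
echo 'Proxy-aware key:      ', implode(', ', locked_out($failed, fn($s) => client_ip($s, TRUSTED_PROXIES))), PHP_EOL;
```

Keyed on REMOTE_ADDR, the proxy's own address reaches the threshold, so every visitor arriving through it is locked out together; the proxy-aware key isolates the one address that actually failed three times. Requires PHP 7.4 or later for the arrow functions.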

I should probably also use something like fail2ban with failed logins, and actually block failed logins at the firewall. Looks like there’s a plugin that does that, WP fail2ban, though I’ve not looked too closely at it. In a real quick overview, it looks pretty nifty.